9066 matches found
CVE-2002-1511
The CVE-2002-1511 issue affects the vncserver wrapper for VNC prior to version 3.3.3r2-21, which uses rand() instead of srand() and thus generates weak cookies. Consequences are limited to authentication cookie guessing for VNC access. Publicly documented fixes are available: Red Hat RHSA-2003:06...
CVE-2002-1188
CVE-2002-1188 affects Microsoft Internet Explorer 5.01–6.0. The vulnerability arises from uses of the OBJECT tag that are not subjected to proper security checks, enabling remote attackers to disclose information by identifying the path to the Temporary Internet Files folder and accessing user da...
CVE-2002-1511
The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand function instead of srand, which causes vncserver to generate weak cookies...
CVE-2002-1160
The CVE-2002-1160 issue concerns the pam_xauth module, where the default configuration forwards MIT-Magic-Cookies to new X sessions. This can enable a local attacker to gain an administrator’s X session by stealing the cookie from a temporary .xauth file created after root uses su. Public sources...
CVE-2002-1160
The default configuration of the pamxauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su...
GLSA-200408-23 : kdelibs: Cross-domain cookie injection vulnerability
The remote host is affected by the vulnerability described in GLSA-200408-23 kdelibs: Cross-domain cookie injection vulnerability kcookiejar contains a vulnerability which may allow a malicious website to set cookies for other websites under the same second-level domain. This vulnerability applie...
eGroupWare <= 1.0.00.003 Multiple Module XSS
The remote version of eGroupware is vulnerable to a cross-site scripting attack. This could allow a remote attacker to steal the cookies of a legitimate user by tricking them into clicking a maliciously crafted URL. eGroupware reportedly has other cross-site scripting vulnerabilities, though Ness...
Nihuo Web Log Analyzer 1.6 - HTML Injection
source: https://www.securityfocus.com/bid/10988/info An HTML injection vulnerability is reported in Nihuo Web Log Analyzer. The problem occurs due to a lack of proper sanitization of user-supplied input data. Attackers may potentially exploit this issue to manipulate web content or to steal...
Mozilla Firefox < 3.0.11 Multiple Vulnerabilities
Binary data 5072.prm...
Board Power contains cross-site scripting vulnerability in the 'action' parameter of 'icq.cgi'
Overview Board Power fails to filter malicious content provided in the URL, leading to a cross-site scripting vulnerability. Attackers who exploit this vulnerability may be able to execute arbitrary scripts. Description Board Power is a forum application available for multiple operating systems...
Mac OS X Terminal Application Unspecified Issue (Security Update 2003-11-04)
The remote host is missing Mac OS X Security Update 2003-11-04. This update fixes a flaw in the Terminal application that may allow a rogue web site to access the web cookies of the user of the remote host. C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0; include"compat.inc";...
CVE-2004-0379
Multiple cross-site scripting XSS vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts...
PHPX 2.x - 3.2.4
PHPX 3.2.4 http://www.phpx.org Versions Affected: PHPX 2.x - 3.2.4 Type of bug: Session Hi-jacking/Admin Access via Cookies Impact: Ability to steal another users account Found-by: HelloWorld Ryan Wray Vendor: Notified Table Of Contents ===================== 1 The Program 2 The Problem 3 The Proo...
phpx324.txt
PHPX 3.2.4 http://www.phpx.org Versions Affected: PHPX 2.x - 3.2.4 Type of bug: Session Hi-jacking/Admin Access via Cookies Impact: Ability to steal another users account Found-by: HelloWorld Ryan Wray Vendor: Notified Table Of Contents ===================== 1 The Program 2 The Problem 3 The Proo...
PHPX 3.2.3 - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/9569/info Multiple vulnerabilities were reported in PHPX. The specific issues include cross-site scripting, HTML injection and account hijacking via specially crafted cookies. These issues were reported to exist in PHPX 3.2.3. Earlier versions are also...
ASP Portal - Multiple Vulnerabilities
ASP Portal - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/9659/info ASP Portal has been reported to be prone to multiple vulnerabilities. The first issue results from a lack of sufficient sanitization performed on user supplied data that is later incorporated into dynamic...
ASP Portal - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/9659/info ASP Portal has been reported to be prone to multiple vulnerabilities. The first issue results from a lack of sufficient sanitization performed on user supplied data that is later incorporated into dynamic content. An attacker may reportedly inje...
Cherokee 0.1.x0.2.x0.4.x - Error Page Cross-Site Scripting
Cherokee 0.1.x0.2.x0.4.x - Error Page Cross-Site Scripting source: https://www.securityfocus.com/bid/9496/info Cherokee has been reported to contain a cross-site scripting vulnerability via error pages. An attacker can exploit this issue by crafting a URI link containing the malevolent HTML or...
CVE-2003-0965
CVE-2003-0965 is a cross-site scripting (XSS) vulnerability in the Mailman admin CGI script before 2.1.4. The issue allows remote attackers to steal session cookies and perform unauthorized activities via the administrative interface. Affected: Mailman (admin CGI). Root cause: XSS in the admin UI...
CVE-2003-0965
Removed by vendor...